The invention relates to a process for the cryptographic processing of data, wherein a data entity containing a clear text and data transmission routines and a coded text entity containing cryptodata and data transmission routines, are transmitted in the form of packets to a cryptographic system, which comprises at least one coding/decoding generator and which produces output signals containing the cryptodata or the clear data, respectively. The invention further concerns a cryptographic system for the coding of clear text and the decoding of cryptodata, with a clear text interface and at least one coding/decoding generator.
Processes and systems of the aforementioned type are in worldwide use in order to protect data communications between two or more users from being accessed by unauthorized persons. Although initial applications were primarily of a military nature, the emphasis has shifted more recently to civilian areas in view of data protection laws and known misuses, for example in banking and industry. There exists a justifiable interest in making information relative to business transactions or scientific results accessible to a limited, authorized group of persons only. In many of the automated cryptographic processes heretofore used for this purpose, user data in packet form, together with the data transmission routines, are processed and transmitted cryptographically. Data packets processed in this manner are readable by cryptographic systems equipped with the appropriate keys, while for other intermediate devices the content of the user data remains hidden; they are not able to resolve the structure of the individual data packets. This, however, presents a problem for advanced data transmission systems, in particular the planned and in part already operational service integrating digital network covering entire areas (ISDN--Integrated Services Digital Network), which combines the separate long distance transmission systems for different forms of communication (voice, text, image and data services) in a public transmission system. In designing this and similar integrating systems, cryptographic processes were not considered in writing standards for data transmission routines. On the other hand, intermediate transmission devices (satellites, remultiplexers, relay centers, etc.) require information relative to the structure contained in data transmission routines of the data packets transmitted.
It has therefore already been proposed to cryptographically process the user data only. In an article in "Proceedings of the Seventh International Conference On Computer Communication," Sydney, Oct. 30-Nov. 2, 1984, pp. 854-859, Elsevier Science Publishers B.V., Amsterdam NL, the authors E.G. Graham & al. write that in byte-synchronized transmission it is necessary to leave the synchronizing information in the heading data in clear text. It is also mentioned that at the end of the data packet an information sequence must be transmitted to the receiver, so that the receiver will discontinue the decoding process and return to clear text operation. The receiver must therefore be informed when a transmission begins and when it is terminated.
In the process described in Patent Abstract of Japan, Vol. 10. No. 87 (E-393)[2144], Apr. 5, 1986, and in JP-A-60 230 737, an entire packet is on the one hand cryptographically processed, and on the other, passed through in the clear. A timed multiplexer insures the correct mixture of clear data and encoded data. In particular, the 0-31 data bits are transmitted in the clear, with a cryptogram conversion being effected to make certain that the cryptodata contain no &lt;32 bits. Only then is it possible to install synchronous reception. This process is suitable for transmission within a certain data format. If the data format is altered, for example in transmissions from Europe to the USA, the receiver falls out of step and no meaningful decoding of cryptodata is possible.
Ep-A-94 031 (US-A 4 661 657) describes a process for the transmission in blocks of encoded data, in which it is possible to substitute synchronizing data for user data. FR-A-2 446 568 specifies that in a transmission of packet data the signaling bytes at the beginning and end of the transmission must be sent in clear. In this manner, the receiver is informed that a transmission is starting or terminating.
Finally, US-A-3 627 928 describes a cryptographic system for use with telepromters. In this type of cryptographic transmission the start bit and the stop bit are longer than the data bits. They are transmitted in clear and are recognized by the receiver.
All of these processes are applicable to data formats containing clearly recognizable starting and stopping information. These include a series of so-called "flags," which are sent at the start of a transmission (for example X.25 routine) and make synchronization at the receiver possible; and start and stop bits which have a length different from that of the data bits. In these data formats there is always a dependence between user data and control data, so that in a cryptographic system it must always be considered that CRC (cyclic redundancy check) information must be recalculated following the cryptographic processing of the user data. When data formats differ from this format, for example frame formats, these processes fail. The object therefore is to provide a cryptographic process and system, whereby the aforementioned problems are solved. In particular, data packets are to be treated cryptographically, such that the information contained in arbitrary data transmission routines relative to the structure and format of the data packets remains readable by the devices required for data transmission and located between communicating cryptographic systems. Simultaneously, it should be possible to simply replace user data with control data, for example for key changes. In particular, however, a process and a system comprising a simple cryptographic part independent of the data format used and applicable to any data format is provided.